On Mon, Jan 28, 2013 at 8:29 AM, <cr...@gtek.biz> wrote:
> On Friday, January 25, 2013 11:17, "Tom H" <tomh0...@gmail.com> said:
>>>>>
>>>>> I am running Debian Wheezy, and have installed kvm. When I list my
>>>>> iptables rules there are a set of default rules defined, and
>>>>> forwarding is set up for my virtual network. For the life of me I can
>>>>> not figure out where these rules are defined, and I would like to
>>>>> make some changes that I want to be permanent. Would anyone mind
>>>>> enlightening me as where I can find the source of those rules?
>>>>>
>>>>> grep -RIil iptables /etc/* returns nothing.
>>
>> To the OP: AFAIK, if you set up a nat-based VM, libvirt/qemu'll set up
>> the rules that you're seeing. If they're in a grepable form, there'll
>> probably be under "/usr".
>
> I think you are correct as far as where the rules came from, but I
> don't think they are going to be grepable. The source contains
> iptables.c, and a few other similarly named files. I haven't done C in
> a while, but I'll try to make sure that is where my rules came from.
> There are also changelog entries that appear to back this up as well.
>
> I'll do a bit more digging, but I think I have my answer.
>
> Thanks!

You're welcome.

I've found a confirmation of my "AFAIK":

https://bugzilla.redhat.com/show_bug.cgi?id=433484#c1

<begin>
First, it is already possible to avoid the iptables rules - simply do
not request a NAT based virtual network. The 'default' virtual network
is intentionally NAT based. You are free to remove this & default one
which doesn't provide NAT.

Second, if there are specific flaws you can enumerate with the current
iptables rules then file bugs about them. They are intended to allow
only traffic from guests attached to the network's associated bridge
default (eg 'virbr0') & its configured ip address range. So if this isn't
working in some scenarios then we need to know what those scenarios are
so we can fix them.
</end>
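
Added example, not part of the original thread and not libvirt's own code: the quoted Bugzilla comment says the rules are scoped to the network's bridge and its configured IP range, so a listed rule can be attributed to a libvirt network by reading the bridge and subnet from the network XML and matching them against `iptables -S` output. The XML and the rule lines below are constructed samples; `describe_network` and `attribute_rules` are hypothetical helper names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the format printed by `virsh net-dumpxml default`.
NETWORK_XML = """
<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'/>
</network>
"""

# Constructed sample in `iptables -S` format; the last rule is a local addition.
RULES = """\
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
""".splitlines()


def describe_network(xml_text):
    """Return (name, forward mode, bridge, subnet) from a libvirt network XML."""
    net = ET.fromstring(xml_text)
    forward = net.find("forward")
    mode = forward.get("mode") if forward is not None else "isolated"
    ip = net.find("ip")
    subnet = ipaddress.ip_network(f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
    return net.findtext("name"), mode, net.find("bridge").get("name"), subnet


def attribute_rules(rules, bridge, subnet):
    """Split rules into those scoped to the network's bridge or subnet, and the rest."""
    scoped, rest = [], []
    for rule in rules:
        tokens = rule.split()
        ifaces = {tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in ("-i", "-o")}
        addrs = [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in ("-s", "-d")]
        in_subnet = any(ipaddress.ip_network(a, strict=False).subnet_of(subnet) for a in addrs)
        (scoped if bridge in ifaces or in_subnet else rest).append(rule)
    return scoped, rest

if __name__ == "__main__":
    name, mode, bridge, subnet = describe_network(NETWORK_XML)
    print(f"network {name}: forward={mode} bridge={bridge} subnet={subnet}")
    scoped, rest = attribute_rules(RULES, bridge, subnet)
    print(f"{len(scoped)} rule(s) scoped to {bridge}/{subnet}, {len(rest)} unrelated")
```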